One suggestion: Why not wander over to Jonathan Fowler's games web site http://jonof.edgenetwork.org/ and take a look?
The engine behind Duke Nukem 3D (and Shadow Warrior) was written by Ken Silverman, and was called the "Build Engine." Ken released the source code for the engine in 2000, then 3D Realms released the code for Duke in 2003 and for Shadow Warrior in 2005.
Jonathan Fowler (JonoF) has ported all of these from Win95/Win98 to WinXP, with Ken Silverman's help.
At the very least, give the games a try - JonoF and Ken did some very fine work, and it's a lot of fun to play with Duke and Lo Wang once more.
And, you never know - the work they already did may be useful to you as a springboard for the project you have in mind.
As the person above said - do plan to put some time into this.
Since you're talking about career choices, you might want to approach the topic from the broader sense - not just Network Security but Information Security.
InfoSec is a broad, fascinating field. And as with the field of medicine in the early 1800's, everyone is an expert, but no-one really knows enough.
There seem to be six main "practitioner" fields, right now:
1) Documentation (certification and compliance)
2) Network / Systems Administration
3) Legal and Physical Protection
4) Management of all the above
5) Countermeasure Device Development and
6) Training.
By "Countermeasure Device Development" here I mean such things as writing / building programs (or appliances) to simply "improve the situation". This currently includes developing such things as Firewalls, Intrusion Detection Systems, Vulnerability Analysis systems, Systems Hardening software, etc. That field is open-ended.
At first glance, this sounds like what you're thinking about. As to programming skills - don't worry. If you love a thing enough you'll do it a lot. If you love a thing a lot and do it a lot you'll get quite good at it (One suggestion, though - the best way to debug code? Don't put bugs in when you write the code in the first place - makes debugging infinitely easier).
If writing such software is what you're thinking about - talk with folks who have already done it. Find a way to talk with Marty Roesch (who wrote Snort), Renaud Derraison (who wrote Nessus), Ron Gula (who wrote the Dragon firewall) - you get the picture. People capable of writing such devices are in a very small, select group - and they're very good people.
As other people here have said, take a look at the ten areas of knowledge that the CISSP certification considers (Certified Information Systems Security Professional - go to http://www.isc2.org./ That will give you a broad overview of the technical side of the field.
Do also look at the GIAC (Global Information Assurance Certification) program that SANS encourages (http://www.sans.org./ As I understand it, both the CISSP and the GIAC certs each have both breadth and depth, but the CISSP is primarily interested in breadth with a reduced depth, whereas the GIAC selects a narrower subset and drills more deeply into that.
To thrive in the field - to even enjoy the field - you'll need both breadth and depth.
And speaking of breadth, do also read Kevin Mitnick's book "The Art of Deception." This is about the part of InfoSec that's the toughest to solve computationally - the human element. In my opinion his solutions listed in that book to the problems of social engineering don't go deep enough, but _nobody_ understands social engineering as well as he does.
In fact, speaking of the human element, do also take a look at the CPP (Certified Protection Professional) certification from ASIS International (http://www.asisonline.org./ This certification deals not only with how to use computers to find the bad guys, but what to do once you've found them. Interesting.
InfoSec - it can be frustrating; it can be fun. Enjoy!
And on the Macintosh (in 1984) a single-click selected an application. A double-click launched the app.
Isn't that "prior use"?
Microsoft, at the time, and for several years afterwards, said that "point-and-click" was only for toys; they and their "real" systems eschewed the entire interface.
From the article: "Figuring the disks were bootlegs, a four-man RIAA squad... persuaded [him] to hand over voluntarily a total of 78 disks."
"No, no Your Honor - I'm not a bank robber! Figuring the money in that bank was all counterfeit, I simply persuaded the teller to voluntarily hand over all the money."
On the other hand, Kevin Mitnick's "The Art of Deception" is THE most important book available concerning Information Security - period. It has its flaws, sure - it often seems endlessly repetitive (First you Tell 'em what you're gonna tell 'em, then you Tell 'em, then you Tell 'em what you told 'em...). But that's due to the fundamental problem Mitnick faces: How do you get people to understand something that's blindingly obvious to yourself? To call the book "Passwords for dummies" misses the point. The point that Mitnick's dealing with is the fact that the World (the Real World) doesn't see a password as a key to a lock, the Real World sees a password as yet another On/Off switch (and a "needlessly complicated" one, at that).
And that "Hey, it's only an On/Off pushbutton, what's the big deal" attitude is THE biggest problem in the Information Security world. A thing that Kevin documents - beautifully, and fascinatingly. His proposed solutions don't "satisfy" (I expect he needs to give more thought to the question of "How do we keep them out?"), but boy - _nobody_ documents the fundamental Security problem so well!
Slashdot Mirror
I like and respect Roger Ebert quite a bit, but here he's confusing the creation of art with how art is used.
He's judging a (potential) work of art by how it's used, rather than by what goes into its creation.
A game may or may not possibly be a work of art - I don't know.
But by Mr. Ebert's own yardstick (the use of the product), nothing hanging in any Museum is a work of art either.
All people do with the things displayed in Museums is to walk and look at them. How artistic that?
Ah, well ...
One suggestion: Why not wander over to Jonathan Fowler's games web site http://jonof.edgenetwork.org/ and take a look?
The engine behind Duke Nukem 3D (and Shadow Warrior) was written by Ken Silverman, and was called the "Build Engine." Ken released the source code for the engine in 2000, then 3D Realms released the code for Duke in 2003 and for Shadow Warrior in 2005.
Jonathan Fowler (JonoF) has ported all of these from Win95/Win98 to WinXP, with Ken Silverman's help.
At the very least, give the games a try - JonoF and Ken did some very fine work, and it's a lot of fun to play with Duke and Lo Wang once more.
And, you never know - the work they already did may be useful to you as a springboard for the project you have in mind.
As the person above said - do plan to put some time into this.
Good luck, and enjoy!
You might want to give Win PE (Microsoft Windows Preinstallation Environment) a try.
n efits/winpe.mspx
http://www.microsoft.com/licensing/programs/sa/be
If that doesn't work for you, then by all means take a look at BartPE, as the person above recommended.
http://www.nu2.nu/pebuilder/
Good luck!
Since you're talking about career choices, you might want to approach the topic from the broader sense - not just Network Security but Information Security.
InfoSec is a broad, fascinating field. And as with the field of medicine in the early 1800's, everyone is an expert, but no-one really knows enough.
There seem to be six main "practitioner" fields, right now:
1) Documentation (certification and compliance)
2) Network / Systems Administration
3) Legal and Physical Protection
4) Management of all the above
5) Countermeasure Device Development and
6) Training.
By "Countermeasure Device Development" here I mean such things as writing / building programs (or appliances) to simply "improve the situation". This currently includes developing such things as Firewalls, Intrusion Detection Systems, Vulnerability Analysis systems, Systems Hardening software, etc. That field is open-ended.
At first glance, this sounds like what you're thinking about. As to programming skills - don't worry. If you love a thing enough you'll do it a lot. If you love a thing a lot and do it a lot you'll get quite good at it (One suggestion, though - the best way to debug code? Don't put bugs in when you write the code in the first place - makes debugging infinitely easier).
If writing such software is what you're thinking about - talk with folks who have already done it. Find a way to talk with Marty Roesch (who wrote Snort), Renaud Derraison (who wrote Nessus), Ron Gula (who wrote the Dragon firewall) - you get the picture. People capable of writing such devices are in a very small, select group - and they're very good people.
As other people here have said, take a look at the ten areas of knowledge that the CISSP certification considers (Certified Information Systems Security Professional - go to http://www.isc2.org./ That will give you a broad overview of the technical side of the field.
Do also look at the GIAC (Global Information Assurance Certification) program that SANS encourages (http://www.sans.org./ As I understand it, both the CISSP and the GIAC certs each have both breadth and depth, but the CISSP is primarily interested in breadth with a reduced depth, whereas the GIAC selects a narrower subset and drills more deeply into that.
To thrive in the field - to even enjoy the field - you'll need both breadth and depth.
And speaking of breadth, do also read Kevin Mitnick's book "The Art of Deception." This is about the part of InfoSec that's the toughest to solve computationally - the human element. In my opinion his solutions listed in that book to the problems of social engineering don't go deep enough, but _nobody_ understands social engineering as well as he does.
In fact, speaking of the human element, do also take a look at the CPP (Certified Protection Professional) certification from ASIS International (http://www.asisonline.org./ This certification deals not only with how to use computers to find the bad guys, but what to do once you've found them. Interesting.
InfoSec - it can be frustrating; it can be fun. Enjoy!
Sgt. Pepper told the Mac to play.
And on the Macintosh (in 1984) a single-click selected an application. A double-click launched the app.
Isn't that "prior use"?
Microsoft, at the time, and for several years afterwards, said that "point-and-click" was only for toys; they and their "real" systems eschewed the entire interface.
From the article: "Figuring the disks were bootlegs, a four-man RIAA squad ... persuaded [him] to hand over voluntarily a total of 78 disks."
"No, no Your Honor - I'm not a bank robber! Figuring the money in that bank was all counterfeit, I simply persuaded the teller to voluntarily hand over all the money."
On the other hand, Kevin Mitnick's "The Art of Deception" is THE most important book available concerning Information Security - period. It has its flaws, sure - it often seems endlessly repetitive (First you Tell 'em what you're gonna tell 'em, then you Tell 'em, then you Tell 'em what you told 'em...). But that's due to the fundamental problem Mitnick faces: How do you get people to understand something that's blindingly obvious to yourself? To call the book "Passwords for dummies" misses the point. The point that Mitnick's dealing with is the fact that the World (the Real World) doesn't see a password as a key to a lock, the Real World sees a password as yet another On/Off switch (and a "needlessly complicated" one, at that).
And that "Hey, it's only an On/Off pushbutton, what's the big deal" attitude is THE biggest problem in the Information Security world. A thing that Kevin documents - beautifully, and fascinatingly. His proposed solutions don't "satisfy" (I expect he needs to give more thought to the question of "How do we keep them out?"), but boy - _nobody_ documents the fundamental Security problem so well!
Worth a read, if you're interested in Security.